SimplePHPscripts Simple Forum PHP 2.7 URL Parameter /preview.php cross site scripting

EntryHistoryjsonxmlCTI

A vulnerability, which was classified as problematic, has been found in SimplePHPscripts Simple Forum PHP 2.7. This issue affects some unknown processing of the file /preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. The CWE definition for the vulnerability is CWE-79. The weakness was released 07/07/2023. The identification of this vulnerability is CVE-2023-3539. The attack may be initiated remotely. Technical details are available. Furthermore, there is an exploit available. The pricing for an exploit might be around USD $0-$5k at the moment. The attack technique deployed by this issue is T1059.007 according to MITRE ATT&CK. It is declared as proof-of-concept. We expect the 0-day to have been worth approximately $0-$5k. A possible mitigation has been published even before and not after the disclosure of the vulnerability.

Field	07/07/2023 14:05	07/25/2023 13:16	07/25/2023 13:22
vendor	SimplePHPscripts	SimplePHPscripts	SimplePHPscripts
name	Simple Forum PHP	Simple Forum PHP	Simple Forum PHP
version	2.7	2.7	2.7
component	URL Parameter Handler	URL Parameter Handler	URL Parameter Handler
file	/preview.php	/preview.php	/preview.php
cwe	79 (cross site scripting)	79 (cross site scripting)	79 (cross site scripting)
risk	1	1	1
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_ui	R	R	R
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	N	N	N
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	N	N	N
cvss3_vuldb_e	P	P	P
cvss3_vuldb_rc	R	R	R
availability	1	1	1
cve	CVE-2023-3539	CVE-2023-3539	CVE-2023-3539
responsible	VulDB	VulDB	VulDB
date	1688680800 (07/07/2023)	1688680800 (07/07/2023)	1688680800 (07/07/2023)
type	Forum Software	Forum Software	Forum Software
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_ci	N	N	N
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	N	N	N
cvss2_vuldb_e	POC	POC	POC
cvss2_vuldb_rc	UR	UR	UR
cvss2_vuldb_au	S	S	S
cvss2_vuldb_rl	ND	ND	ND
cvss3_vuldb_pr	L	L	L
cvss3_vuldb_rl	X	X	X
cvss2_vuldb_basescore	4.0	4.0	4.0
cvss2_vuldb_tempscore	3.4	3.4	3.4
cvss3_vuldb_basescore	3.5	3.5	3.5
cvss3_vuldb_tempscore	3.2	3.2	3.2
cvss3_meta_basescore	3.5	3.5	4.4
cvss3_meta_tempscore	3.2	3.2	4.3
price_0day	$0-$5k	$0-$5k	$0-$5k
cve_assigned		1688680800 (07/07/2023)	1688680800 (07/07/2023)
cve_nvd_summary		A vulnerability, which was classified as problematic, has been found in SimplePHPscripts Simple Forum PHP 2.7. This issue affects some unknown processing of the file /preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-233291.	A vulnerability, which was classified as problematic, has been found in SimplePHPscripts Simple Forum PHP 2.7. This issue affects some unknown processing of the file /preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-233291.
cvss3_nvd_av			N
cvss3_nvd_ac			L
cvss3_nvd_pr			N
cvss3_nvd_ui			R
cvss3_nvd_s			C
cvss3_nvd_c			L
cvss3_nvd_i			L
cvss3_nvd_a			N
cvss2_nvd_av			N
cvss2_nvd_ac			L
cvss2_nvd_au			S
cvss2_nvd_ci			N
cvss2_nvd_ii			P
cvss2_nvd_ai			N
cvss3_cna_av			N
cvss3_cna_ac			L
cvss3_cna_pr			L
cvss3_cna_ui			R
cvss3_cna_s			U
cvss3_cna_c			N
cvss3_cna_i			L
cvss3_cna_a			N
cve_cna			VulDB
cvss2_nvd_basescore			4.0
cvss3_nvd_basescore			6.1
cvss3_cna_basescore			3.5

◂ Previous Overview Next ▸

Might our Artificial Intelligence support you?

Check our Alexa App!